Business Continuity & Covid-19

By Kayne Osbourne MCSI

In light of the global coronavirus pandemic, the FCA has issued a statement reminding firms that it expects them to have contingency plans in place to deal with major events. The FCA is now actively reviewing the contingency plans of a wide range of firms, including assessments of operational risks, the ability of firms to continue to operate effectively and the steps firms are taking to serve and support their customers.

Irrespective of any internal disruption, the FCA expects firms to protect consumers. This is evident from its current focus on protecting consumers and market integrity in the short term whilst it delays and postpones non-critical activity.

What is operational resilience?

Operational resilience is an outcome. It is the ability of firms and the financial sector as a whole to prevent, adapt, respond to, recover and learn from operational disruptions. Such disruptions could range from technology failures to cyber-related and other operational incidents, including those outside of a firm’s control, such as a global health pandemic.

How to achieve operational resilience

  • identify important business services that, if disrupted, could cause harm to consumers or markets
  • set impact tolerances for each important business service (i.e. thresholds for maximum tolerable disruption to help achieve consumer protection and market integrity)
  • identify and document the people, processes, technology, facilities and information that support your important business services (mapping)
  • test your ability to remain within your impact tolerances through a range of severe but plausible disruption scenarios
  • conduct lessons-learnt exercises to identify, prioritise, and invest in your ability to respond to and recover from disruptions as effectively as possible
  • develop internal and external communications plans for when important business services are disrupted

What is operational risk?

Operational risk is the risk of reductions in earnings and/or value through financial or reputational loss, from inadequate or failed internal processes and systems or from people-related or external events.

The risk profile of FinTechs will vary from firm to firm depending on the particular business model and the regulatory regime to which it is subject. With that said, below are some risks you should consider.

Business Continuity risk

The risk of reductions in earnings or value due to unexpected or sustained business interruption.

Compliance & Legal risk

The risk of reductions in earnings or value through financial or reputational loss due to the Group’s failure to respond appropriately to regulation, laws or recognised industry standards that are relevant to the Group’s business activities, strategy and objectives.

Legal risk is the risk to delivery of business objectives, reductions in earnings and/or value due to legal challenge, adverse judgements or unenforceable contracts.

Customer risk (including Treating Customers Fairly)

The risk of reductions in earnings or value through financial or reputational loss due to inappropriate or poor treatment of customers.

IT risk

The risk of reductions in earnings or value through financial or reputational loss due to IT service design and delivery not supporting the Group’s strategic objectives, or not being compliant with relevant regulation or legislation.

People risk

The risk of reductions in earnings or value through financial or reputational loss due to inappropriate behaviour, industrial action or health and safety issues. Loss can also be incurred through failure to recruit, retain, train, reward and incentivise appropriately skilled staff to achieve business objectives and through failure to take appropriate action as a result of staff underperformance.

Product risk

The risk of reductions in earnings or value through financial or reputational loss due to product design failing to meet customer, legal or regulatory expectations and requirements. This includes product implementation and management.

Supplier & Outsourcing risk

The risk of reductions in earnings or value through financial or reputational loss due to the failure of any supplier or outsourcer; and/or the actions of any third party being in breach of regulation or legislation.

Financial crime risk

The risk of reductions in earnings or value through financial or reputational loss due to financial crime, including bribery and corruption, and any failure to comply with legal and regulatory obligations; these losses may include censure, fines or the cost of litigation and reparation.

Data & Management Information risk

The risk of reductions in earnings or value through financial or reputational loss due to any failure to maintain the quality, integrity, security and use of data, information and MI.

Errors & Omissions risk

The risk of reductions in earnings or value through financial or reputational loss due to errors, omissions or similar failures of systems, processes or people.

What to do next

FinTech Compliance can support you in conducting a Business Impact Assessment and in reviewing your Business Continuity and Resilience arrangements.

To find out more, please contact us on info@fintechcompliance.co.uk to book a discussion with one of our experienced consultants.